minio
diff --git a/‎Makefile
Lines changed: 1 addition & 1 deletion b/‎Makefile
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.mod
Lines changed: 3 additions & 0 deletions b/‎go.mod
Lines changed: 3 additions & 0 deletions
diff --git a/‎go.sum
Lines changed: 4 additions & 0 deletions b/‎go.sum
Lines changed: 4 additions & 0 deletions
diff --git a/‎models/login_oauth2_auth_request.go
Lines changed: 98 additions & 0 deletions b/‎models/login_oauth2_auth_request.go
Lines changed: 98 additions & 0 deletions
diff --git a/‎pkg/auth/idp.go
Lines changed: 49 additions & 0 deletions b/‎pkg/auth/idp.go
Lines changed: 49 additions & 0 deletions
diff --git a/‎pkg/auth/idp/oauth2/config.go
Lines changed: 71 additions & 0 deletions b/‎pkg/auth/idp/oauth2/config.go
Lines changed: 71 additions & 0 deletions
diff --git a/‎pkg/auth/idp/oauth2/const.go
Lines changed: 29 additions & 0 deletions b/‎pkg/auth/idp/oauth2/const.go
Lines changed: 29 additions & 0 deletions
@@ -22,7 +22,7 @@ assets:
 
 test:
 	@(go test -race -v github.com/minio/mcs/restapi/...)
-	@(go test -race -v github.com/minio/mcs/pkg/auth)
+	@(go test -race -v github.com/minio/mcs/pkg/auth/...)
 
 coverage:
 	@(go test -v -coverprofile=coverage.out github.com/minio/mcs/restapi/... && go tool cover -html=coverage.out && open coverage.html)
 
@@ -3,6 +3,7 @@ module github.com/minio/mcs
 go 1.14
 
 require (
+	github.com/coreos/go-oidc v2.2.1+incompatible
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/elazarl/go-bindata-assetfs v1.0.0
 	github.com/go-openapi/errors v0.19.4
@@ -19,9 +20,11 @@ require (
 	github.com/minio/mc v0.0.0-20200415193718-68b638f2f96c
 	github.com/minio/minio v0.0.0-20200428222040-c3c3e9087bc1
 	github.com/minio/minio-go/v6 v6.0.55-0.20200424204115-7506d2996b22
+	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
 	github.com/satori/go.uuid v1.2.0
 	github.com/stretchr/testify v1.5.1
 	github.com/unrolled/secure v1.0.7
 	golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6
 	golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e
+	golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a
 )
@@ -69,6 +69,8 @@ github.com/coreos/bbolt v1.3.3 h1:n6AiVyVRKQFNb6mJlwESEvvLoDyiTzXX7ORAUlkeBdY=
 github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.12+incompatible h1:pAWNwdf7QiT1zfaWyqCtNZQWCLByQyA3JrSQyuYAqnQ=
 github.com/coreos/etcd v3.3.12+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
+github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8=
@@ -492,6 +494,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.2-0.20190702141536-6ffe496ea953 h1:oBvgW8IvwF278gJ3R4hH0gD3ZeJxjwBXVIScRR0dRc8=
 github.com/posener/complete v1.2.2-0.20190702141536-6ffe496ea953/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829 h1:D+CiwcpGTW6pL6bv6KI3KbyEyCKyS+1JWS2h8PNDnGA=
 
@@ -0,0 +1,49 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package auth
+
+import (
+	"context"
+
+	"github.com/minio/mcs/pkg/auth/idp/oauth2"
+)
+
+// IdentityProviderClient interface with all functions to be implemented
+// by mock when testing, it should include all IdentityProviderClient respective api calls
+// that are used within this project.
+type IdentityProviderClient interface {
+	VerifyIdentity(ctx context.Context, code, state string) (*oauth2.User, error)
+	GenerateLoginURL() string
+}
+
+// Interface implementation
+//
+// Define the structure of a IdentityProvider Client and define the functions that are actually used
+// during the authentication flow.
+type IdentityProvider struct {
+	Client IdentityProviderClient
+}
+
+// VerifyIdentity will verify the user identity against the idp using the authorization code flow
+func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string) (*oauth2.User, error) {
+	return c.Client.VerifyIdentity(ctx, code, state)
+}
+
+// GenerateLoginURL returns a new URL used by the user to login against the idp
+func (c IdentityProvider) GenerateLoginURL() string {
+	return c.Client.GenerateLoginURL()
+}
@@ -0,0 +1,71 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// Package oauth2 contains all the necessary configurations to initialize the
+// idp communication using oauth2 protocol
+package oauth2
+
+import (
+	"github.com/minio/mcs/pkg/auth/utils"
+	"github.com/minio/minio/pkg/env"
+)
+
+func GetIdpURL() string {
+	return env.Get(McsIdpURL, "")
+}
+
+func GetIdpClientID() string {
+	return env.Get(McsIdpClientID, "")
+}
+
+func GetIdpSecret() string {
+	return env.Get(McsIdpSecret, "")
+}
+
+// Public endpoint used by the identity oidcProvider when redirecting the user after identity verification
+func GetIdpCallbackURL() string {
+	return env.Get(McsIdpCallbackURL, "")
+}
+
+func GetIdpAdminRoles() string {
+	return env.Get(McsIdpAdminRoles, "")
+}
+
+func IsIdpEnabled() bool {
+	return GetIdpURL() != "" &&
+		GetIdpClientID() != "" &&
+		GetIdpSecret() != "" &&
+		GetIdpCallbackURL() != ""
+}
+
+var defaultPassphraseForIdpHmac = utils.RandomCharString(64)
+
+// GetPassphraseForIdpHmac returns passphrase for the pbkdf2 function used to sign the oauth2 state parameter
+func getPassphraseForIdpHmac() string {
+	return env.Get(McsIdpHmacPassphrase, defaultPassphraseForIdpHmac)
+}
+
+var defaultSaltForIdpHmac = utils.RandomCharString(64)
+
+// GetSaltForIdpHmac returns salt for the pbkdf2 function used to sign the oauth2 state parameter
+func getSaltForIdpHmac() string {
+	return env.Get(McsIdpHmacSalt, defaultSaltForIdpHmac)
+}
+
+// GetSaltForIdpHmac returns the policy to be assigned to the users authenticating via an IDP
+func GetIDPPolicyForUser() string {
+	return env.Get(McsIdpPolicyUser, "mcsAdmin")
+}
@@ -0,0 +1,29 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package oauth2
+
+const (
+	// const for idp configuration
+	McsIdpURL            = "MCS_IDP_URL"
+	McsIdpClientID       = "MCS_IDP_CLIENT_ID"
+	McsIdpSecret         = "MCS_IDP_SECRET"
+	McsIdpCallbackURL    = "MCS_IDP_CALLBACK"
+	McsIdpAdminRoles     = "MCS_IDP_ADMIN_ROLES"
+	McsIdpHmacPassphrase = "MCS_IDP_HMAC_PASSPHRASE"
+	McsIdpHmacSalt       = "MCS_IDP_HMAC_SALT"
+	McsIdpPolicyUser     = "MCS_IDP_POLICY_USER"
+)